Bug ID 795497: Wrong encoding of HTML when Bot Defense profile in use

Last Modified: Feb 01, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1

Opened: Jun 19, 2019
Severity: 3-Major

Symptoms

When including wide UTF-8 characters in the HTML (for example Chinese) and having the encoding set by a <meta> html tag, the encoding might be changed to Windows 1252 when enabling the Bot Defense profile in Blocking Mode.

Impact

Wide characters are not displayed correctly, for example, Chinese characters display as gibberish.

Conditions

-- Wide characters (such as Chinese) used in the HTML of the backend server. -- Character set defined via <meta> tag of the HTML. -- Bot Defense profile used in Blocking Mode.

Workaround

Change the injection order to inject the script after the <meta> tag, with failover to before the <script> tag: tmsh modify sys db dosl7.parse_html_inject_tags value after,meta,before,script,before,/head,before,body

Fix Information

None

Behavior Change